# Author :: Paul Kauffmann <kauffmap@us.ibm.com>
# Recipe:: certsetup
#
# Copyright 2013, IBM Corporation
#
# All rights reserved - Do Not Redistribute
# Import signer certificate from the remote server role specified for the profile specified in the name

define :importsigner do
  profilename = params[:name]
  serverrole = params[:serverrole]
  username = params[:username]
  password = params[:password]
  
  deployment = node[:deployment]
  zkep = "#{node[:zookeeper][:ip]}:#{node[:zookeeper][:port]}"

  # Set Server Short HostName
  hostShortName = node[:hostname]

  cellName = "#{hostShortName}Node01Cell"
  nodeName = "#{hostShortName}Node01"      

  # Make Temp directory for signer certificate scripts
  directory "/tmp/signercertificates/" do
    owner node[:chef][:user]
    group node[:was][:group]
    action :create
  end


  # Make Temp directory for role certificate script
  directory "/tmp/signercertificates/#{serverrole}" do
    owner node[:chef][:user]
    group node[:was][:group]
    action :create
  end

  # Determine Remote Server Hostname 
  ruby_block "Determine #{serverrole} Hostname" do
     block do
       remoteHostName=""
       remoteHostShortName=""
       remoteSecurePort = ""
       search(:node,"deployment:#{deployment}"). each do |match_node|
         if match_node.role?(serverrole)
           remoteHostName=match_node[:fqdn]
           remoteHostShortName=match_node[:hostname]
           require 'zk'
           require 'json'
           begin
             z = ZK.new(zkep)
             portinfourl = node[:was][:endpointpre] + "#{match_node.name}/info"
             portinfo = JSON.parse(z.get(portinfourl).first)
             remoteSecurePort = portinfo["WC_adminhost_secure"]
           ensure
             z.close
           end
           
         end
       end
       if remoteHostName =="" 
         raise "Failed to find hostname #{serverrole} "
       else
         puts "Retrieved fqdn #{remoteHostName}, shortname #{remoteHostShortName} and port #{remoteSecurePort} for role #{serverrole}"
       end
       
       # Create a shell script with the required info
       shellstr =<<-SHELLCMD
# retrieve avatax certificate from the remote port
try:
  AdminTask.retrieveSignerFromPort('[-keyStoreName NodeDefaultTrustStore -keyStoreScope (cell):#{cellName}:(node):#{nodeName} -host #{remoteHostName} -port #{remoteSecurePort} -certificateAlias #{remoteHostShortName}_cert -sslConfigName NodeDefaultSSLSettings -sslConfigScopeName (cell):#{cellName}:(node):#{nodeName}]') 
except:
  pass
AdminConfig.save()
SHELLCMD
      File.open("/tmp/signercertificates/#{serverrole}/importremotecert.py", "w") {|f| f.write(shellstr)}
      cmdout = `chmod +r /tmp/signercertificates/#{serverrole}/importremotecert.py`
     end
   end



  # Run wsadmin script to import OMS root certifcate  

  bash "Import #{serverrole} certificate to AppServer" do
    user node[:was][:user]
    group node[:was][:group]
    cwd "#{node[:was][:installDir]}/profiles/#{profilename}/bin"
    code <<-EOH
    ./wsadmin.sh -lang jython -f /tmp/signercertificates/#{serverrole}/importremotecert.py -username #{username} -password #{password}
    EOH
  end
  
end
